Image processing apparatus, image processing method, program for implementing the method, and storage medium storing the program

ABSTRACT

An image processing apparatus which can be readily used by an authenticated user without laborsome setting even if the user uses the image processing apparatus for the first time through an authentication server. A user is authenticated with an authentication server connected to an image processing apparatus via a network. User unique setting information for the authenticated user is set, and the user unique setting information for each user is stored in user information storing areas. Initial setting information of initial setting of the image processing apparatus is stored in an initial setting information storing area. When the authenticated user uses the image processing apparatus for the first time, duplicate copy of the initial setting information stored in the initial setting information storing area is stored as the user unique setting information in the user information storing areas.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an image processing apparatus, ancontrol method for the image processing apparatus, a program forimplementing the control method, and a storage medium storing theprogram, and more particularly, the present invention relates to animage processing apparatus and an image processing method that includesa first operation mode for every user and a second operation mode forauthenticated users and can manage a plurality of users, a program forimplementing the control method, and a storage medium storing theprogram.

2. Description of the Related Art

Conventionally, a plurality of users who use a plurality of personalcomputers (hereinafter, referred to as “PCs”) connected to a networkhave shared an image processing apparatus (a network resource) such as ascanner, a FAX, a printer, a copying machine or the like. In such asystem, general users can easily share the image processing apparatus.

In order to ensure the security in an office, a technique has beenproposed to perform user management for an image processing apparatusand to perform the user authentication to identify a current operator ofthe image processing apparatus.

In recent years, further enhancement of the security is emphasized. Forthis purpose, a technique has been proposed to manage operatingenvironment setting of an image processing apparatus for eachauthenticated user (for example, see Japanese Laid-Open PatentPublication (Kokai) No. 2001-306204 and Japanese Laid-Open PatentPublication (Kokai) No. 10-149061).

However, when a kind of image processing apparatus that can be naturallyshared is upgraded to a device embedded with security functions such asthe above described user management and user authentication, or when animage processing apparatus already embedded with the security functionsis newly purchased and introduced to an office, an administrator of theimage processing apparatus needs to perform necessary setting overnumerous items with efforts, hence the administrator must perform heavylabor.

Since a user cannot use an image processing apparatus until setting forall users is completed, users who share the image processing apparatusfeel inconvenience. This is because a user generally gives priority toconvenience rather than high security and feels a waste of time even forthe setting.

Further, the inconvenience as described above causes prevention of thenew introduction of the image processing apparatus embedded with thesecurity functions to an office.

A shared network scanner connected to a network includes a PULL typescanner for which a PC performs scan setting to set the readingresolution or the size of an original to be read and causes the scannerto scan the original fed to the scanner, and a PUSH type scanner forwhich the scanner performs the scan setting and the scanning.

Some PUSH type scanners that can store only a scan parameter alwaysreturn to default scan setting whenever each user starts using such ascanner. Alternatively, a user may have to perform his/her own scansetting again each time he/she uses the scanners since the scannersstore scan setting changed by another user.

An image processing apparatus having plurality of functions such assending e-mail, saving file or printing takes security measures toprevent leakage of confidential information. That is, in such a device,it is preferred that setting can be changed for each user to restrict auser to only use functions available to the user and to permit the userto perform minimum operations necessary for his/her work. Thus, in orderto reduce a labor to set scan parameters again as above and prevent theleakage of confidential information, it is required to manage settinginformation for individual user.

Meanwhile, in an image processing apparatus for managing settinginformation for each user, an administrator needs to register a new userin the device to permit the user to use the device. In order to strictlycontrol the security, the administrator restricts the use of functionsof the device for each user. For example, techniques have been disclosedfor an administrator to perform user authentication and manage operatingenvironment setting for each user (for example, see Japanese Laid-OpenPatent Publication (Kokai) No. 10-149061 and Japanese Laid-Open PatentPublication (Kokai) No. 2001-306204).

A method of separately managing setting information for each userincludes a method for an administrator to previously register all userswho possibly use an image processing apparatus, and previously store thesetting information for each user in a storage device or a memory in theimage processing apparatus.

Instead of setting functional restrictions for each user, the functionalrestrictions can be provided for each image processing apparatus so thatthe identical functional restrictions are set for all users who use animage processing apparatus.

However, the image processing apparatus for managing the settinginformation for each user often applies the same setting to users who dothe same work or belong to the same division. In this case, if initialsetting information such as default scan parameters of the device cannotbe changed, an administrator must perform setting based on the defaultinitial setting information for each time of registration in spite ofthat the same setting information is set for many users. As described,if there are many users to be registered, a great burden is put on anadministrator.

Additionally, the method of previously storing the setting informationfor each user in the storage device in the above described imageprocessing apparatus has the following problems.

For example, there is a system in which an authentication server and aplurality of image processing apparatuses are connected to one anothervia a network, ten thousands of users are registered in a storage devicein the authentication server (e.g., in Microsoft Active Directory), andthe users who use the image processing apparatus are authenticated usinguser IDs and passwords. The image processing apparatus can restrictfunctions for each user, and all the users are permitted to use theimage processing apparatus with functional restrictions depending ontheir work. Suppose that the number of users who use one imageprocessing apparatus is about ten and that the system employs a methodof registering all the users who possibly use the device in the imageprocessing apparatus, and previously storing setting information foreach registered users in the image processing apparatus. Then, userinformation of the ten thousands of users registered in theauthentication server and ten thousand user setting information must bestored in a memory in the image processing apparatus.

But actually, an image processing apparatus cannot be provided with ahigh-capacity memory or the like for storing the user information anduser setting information of ten thousands of users. Additionally, muchof the stored user setting information is user setting information ofusers who do not use the device, hence storing areas of the memory orthe like are wasted.

In the image processing apparatus described in the above that sets theidentical functional restrictions for all users who use an imageprocessing apparatus, it is not possible to change functionalrestriction setting only for a certain authenticated user. Using such animage processing apparatus, it might impossible to give the right of useonly to a certain user and a user cannot use functions if the userdesires so.

SUMMARY OF THE INVENTION

The present invention provides an image processing apparatus, a controlmethod for controlling the image processing apparatus, a program forimplementing the control method, and a storage medium storing theprogram which can be readily used by an authenticated user withoutlaborsome setting even if the user uses the image processing apparatusfor the first time through an authentication server.

The present invention also provides an image processing apparatus, acontrol method for controlling the image processing apparatus, a programfor implementing the control method, and a storage medium storing theprogram that can improve usability even if the device has a functionsuch as a security function requiring to switch and manage setting datafor each user.

In a first aspect of the present invention, there is provided an imageprocessing apparatus comprising an authenticating unit adapted toauthenticate a user with an authentication server connected thereto viaa network, a user setting information setting unit adapted to set userunique setting information for the authenticated user, a user settinginformation storage unit adapted to store the user unique settinginformation for each user, an initial setting information storage unitadapted to store initial setting information of the image processingapparatus, and an initial setting information duplicating unit adaptedto store duplicate copy of the initial setting information stored in theinitial setting information storage unit as the user unique settinginformation in the user setting information storage unit when theauthenticated user uses the image processing apparatus for the firsttime.

According to the present invention, when an authenticated user uses theimage processing apparatus for the first time through the authenticationserver, duplicate copy of initial setting information stored in aninitial setting information storage unit is stored as user uniquesetting information in a user setting information storage unit.Therefore, it is possible for the user to readily use the imageprocessing apparatus based on the initial setting information beingpreviously set by an administrator without laborsome setting even if theauthenticated user uses the image processing apparatus for the firsttime through the authentication server.

In a second aspect of the present invention, there is provided an imageprocessing apparatus that has a first operation mode in which every usercan use the image processing apparatus and a second operation mode inwhich authenticated users are allowed to use the image processingapparatus, and can be shared by a plurality of users, the apparatuscomprising a storage unit adapted to store first setting informationexclusively used by each authenticated user, second setting informationincluding a setting item same as at least one setting item of the firstsetting information and shared by at least some of the authenticatedusers, and third setting information including a setting item same as atleast one setting item of the first setting information and shared bythe every user, and a data switching unit adapted to switch data betweenthe second setting information and the third setting informationdepending on alteration of operation mode to the first operation mode orthe second operation mode.

According to the present invention, data is switched between secondsetting information shared by authenticated users and third settinginformation shared by every user depending on an operation mode. Inother words, depending on whether an operation mode of the imageprocessing apparatus is in a first operation mode for every user or asecond operation mode for authenticated users, at least the second andthird setting information among the first to third setting informationis automatically employed flexibly. As such, it is possible for a userto save labor required both setting of the first operation mode andsetting of the second operation mode of the image processing apparatus.Therefore, the present invention can provide a user-friendly imageprocessing apparatus newly added with a data switching function for theoperation mode switching. Additionally, new introduction of officeequipment to an office can be facilitated.

Further features and advantages of the present invention will becomeapparent from the following detailed description of exemplaryembodiments with reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing overall configuration of a system comprisingan image processing apparatus according to a first embodiment of thepresent invention.

FIG. 2 is a block diagram showing schematic configuration of the imageprocessing apparatus in FIG. 1.

FIG. 3 is a flowchart of user authentication processing executed beforeimage reading process in the image processing apparatus in FIG. 1.

FIG. 4 is a diagram showing one example of an initial screen displayedon a display in FIG. 2.

FIG. 5 is a diagram showing one example of an error message screendisplayed at the failure of authentication.

FIG. 6 is a diagram showing one example of an error screen displayed ata user registration error.

FIG. 7A is a diagram showing one setting example of a setting screenwhen functional restrictions on the initial setting information arereduced; and FIG. 7B is a diagram showing one example of the settingscreen when some of functional restrictions on the initial settinginformation remain restricted.

FIG. 8 is a diagram showing one example of a password entry screen foran administrator.

FIG. 9 is a diagram showing one example of a screen for anadministrator.

FIG. 10 is a perspective view schematically showing an external view ofa scanner as an image processing apparatus according to a secondembodiment of the present invention.

FIG. 11 is a block diagram showing configuration of the scanner in FIG.10.

FIG. 12 is a diagram illustrating a login screen displayed on a touchscreen if an operation mode of the scanner in FIG. 10 is a usermanagement mode.

FIG. 13 is a diagram illustrating a scan setting screen displayed on thetouch screen in FIG. 10.

FIG. 14 is a diagram showing a first example of a destinationdesignation screen displayed on the touch screen when a destination listdisplay area in FIG. 13 is tapped.

FIG. 15 is a diagram showing a second example of the destinationdesignation screen displayed on the touch screen when a shared addressis designated in a list box in FIG. 14.

FIG. 16 is a diagram illustrating a user management screen displayed onthe touch screen in FIG. 10.

FIG. 17 is a flowchart of a switching process between user managementmode and non-management mode executed on the scanner in FIG. 10.

FIG. 18 is a schematic depiction of switching of data in an address bookexecuted in the steps S805 and S808 in FIG. 17.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention will now be described in detail with reference tothe drawings showing preferred embodiments thereof.

FIG. 1 is a diagram showing overall configuration of a system comprisingan image processing apparatus (image reading device) according to afirst embodiment of the present invention.

In FIG. 1, an image processing apparatus 101 has a plurality offunctions such as an image reading function, sending e-mail, FTP (FileTransfer Protocol) transmission or sending file. The image processingapparatus 101 is connected to an authentication server 102 and aplurality of user PCs 103 via a network 104.

FIG. 2 is a block diagram showing schematic configuration of the imageprocessing apparatus 101 in FIG. 1.

In FIG. 2, the image processing apparatus 101 is comprised of a CPU 303as a control unit, a display 302 for displaying an operation screen, akeyboard 306 and a touch-sensitive panel 307 for an operator to directan operation, an image reading unit 301 for reading an image from anoriginal, and a memory 304 as a rewritable storage unit. The display302, the keyboard 306, the touch-sensitive panel 307, the image readingunit 301 and the memory 304 are connected to the CPU 303.

In the memory 304, there are user information storing areas 305, 310,311 and 312 that are allocated as user management areas for users andstore each of user unique setting information, and an initial settinginformation storing area 308 that stores initial setting information ofthe image processing apparatus.

Each of the user information storing areas 305, 310, 311 and 312 storesas user unique setting information: a user information ID foridentifying each user information storing area; image reading conditioninformation such as a path designating read image data storage device,the resolution, a reading mode, a file format of image data or the sizeof an original; and functional restriction information to determinewhether the user is permitted or prohibited to use a print function or asending e-mail function or to use an address book. For example, the userinformation storing area 305 stores a user information ID in an area 305a, stores image reading condition information in an area 305 b, andstores functional restriction information in an area 305 c.

Meanwhile, the initial setting information storing area 308 storesinitial setting information such as image reading condition informationand functional restriction information that have been previously storedor previously set by an administrator when a device is introduced.

When a new user uses the image processing apparatus 101 for the firsttime, a new user information storing area is allocated for the new userin the memory 304. For this purpose, memory areas to allocate new userinformation storing areas are previously reserved in the memory 304 inorder to support increased users. The image processing apparatus 101 maybe configured so that volume of the reserved memory areas (capacity) canbe automatically varied depending on the number of user informationstoring areas. Alternatively, the maximum number of user informationstoring areas that can be saved in the memory 304 can be properlychanged.

FIG. 3 is a flowchart of user authentication process and additional userregistration process executed in the image processing apparatus 101 inFIG. 1 before image reading process. FIG. 4 is a diagram showing oneexample of a login screen first displayed on the display 302 in FIG. 2when each user starts the operation. FIG. 5 is a diagram showing oneexample of an error message screen displayed at the failure ofauthentication. FIG. 6 is a diagram showing one example of an errorscreen displayed at a registration error. The CPU 303 in the imageprocessing apparatus 101 executes the process in FIG. 3 through thecontrol of the respective units of the image processing apparatus 101. Auser of the image processing apparatus 101 cannot use the imageprocessing apparatus unless the image processing apparatus 101 sendsuser information for authentication to the authentication server 102 anduser authentication executed by the authentication server 102 iscompleted.

In step S201 of FIG. 3, the image processing apparatus 101 displays alogin screen 400 provided with a user name input box 401 or a passwordedit box 402 for requesting a user to input information forauthentication such as a user ID or a password, as shown in FIG. 4, onthe display 302 to prompt the user to input the information forauthentication.

Next, when the user inputs the information for authentication and pushesan OK button 403, the image processing apparatus 101 sends the inputtedinformation for authentication to the authentication server 102 andrequests authentication from the authentication server 102 (step S202).If the authentication server 102 determines that the information forauthentication inputted by the user is equivalent to stored informationfor authentication that has been registered in the authentication server102, i.e., the authentication succeeds (YES to step S203), then the flowproceeds to step S204. Otherwise, if the user is determined to beunregistered in the authentication server 102 from the information forauthentication inputted by the user or the password is determined to beincorrect, i.e., the authentication fails (NO to the step S203), thenthe user is judged not to have the right to use the image processingapparatus 101, hence an error message screen 500 indicating that theauthentication fails as shown in FIG. 5 is displayed on the display 302(step S209), the flow returns to step S201 and the initial login screen400 is displayed.

In step S204, the CPU 303 determines whether or not the authenticateduser is a new user who uses the image processing apparatus 101 for thefirst time. Specifically, the CPU 303 determines whether or not the userID inputted in the step S201 has been already stored in a userinformation storing area in the memory 304 as a user information ID of aregistered user. As a result, if the user ID has not been stored in theuser information storing area, the CPU 303 determines the user to be anew user who uses the image processing apparatus 101 for the first time.Otherwise, if the user ID has been already stored in the area, the CPU303 determines the user to be a registered user.

If the CPU 303 determines through the authentication server 102 that theauthenticated user is not a new user (NO to the step S204), the flowproceeds to step S208. Otherwise, if the user ID has not been stored inthe user information storing area, i.e., the CPU 303 determines the userto be a new user who uses the image processing apparatus 101 for thefirst time (YES to the step S204), then the CPU 303 determines whetheror not a reserved memory area in the memory 304 has a free space to adda user information storing area for the user (step S205). As a result,if the CPU 303 determines that there is no free space, then the CPU 303displays an error message screen 600 indicating that registration failsas shown in FIG. 6 (step S210) and returns to the initial screen 400.Otherwise, if the CPU 303 determines that there is a free space, itallocates a new user information storing area (step S206).

Next, the CPU 303 stores the user ID as a user information ID toidentify the user information storing area in the user informationstoring area allocated in the step S206, and stores duplicate copy ofinitial setting information stored in the initial setting informationstoring area 308 (step S207).

In step S208, the CPU 303 displays a screen (not shown) to setconditions for the image reading process on the display 302, andexecutes the image reading process under the conditions being setthrough the screen.

In the step S208, if the CPU 303 determines the user to be a registereduser in the step S204, it displays an image reading condition settingscreen (not shown) on the display 302. On the image reading conditionsetting screen, a user can change destination setting information suchas a destination of an e-mail or a file storing destination, and scanparameters such as the resolution, the paper size, a reading mode or asurface to be read. Meanwhile, the scan parameters displayed on theimage reading condition setting screen are scan parameters being set bythe registered user himself when the registered user used the device forthe last time, hence the registered user does not need change the scanparameters when the user performs scanning with the same setting.

Then, when the user sets the scan parameters and directs scanning, theimage processing apparatus 101 performs image reading process based onthe scan parameters being set and sends read image data to a designateddestination. The inputted scan parameters are stored as image readingcondition information in a user information storing area. This allowsthe image processing apparatus to store separate scan parameters for aplurality of users, so that the users do not need to again set scansetting identical to that for the previous use, thereby saving efforts.

Also, the destination setting information such as a destination of ane-mail transmission or a file storing destination described above isstored in the user information storing area.

Next, operation procedures will be described when an administratorchanges the initial setting information stored in the initial settinginformation storing area 308 with reference to FIGS. 7 to 9. Until theadministrator changes the initial setting information, the initialsetting information is default setting information that has beenpreviously stored at the introduction of the scanner.

FIG. 7A is a diagram showing one example of a functional restrictionsetting screen displayed when the administrator wants to changefunctional restriction information contained in the initial settinginformation. FIG. 7B is a diagram showing one example of a functionalrestriction setting screen when the administrator reduced somefunctional restrictions from the initial setting. FIG. 8 is a diagramshowing one example of a password entry screen for an administrator.FIG. 9 is a diagram showing one example of a task selecting screen foran administrator.

The administrator can change contents of the initial setting informationstored in the initial setting information storing area 308. For example,in an image processing apparatus D1 installed in a division in whichmany of the members are nonpermanent employees and an image processingapparatus D2 installed in a system department in which all of themembers are permanent employees, their initial setting informationstored in each initial setting information storing area 308 would haveto be different from each other. It is because it makes possible torestrict sending e-mails to the outside in order to prevent the leakageof confidential information if nonpermanent employees are registered inthe authentication server 102 and permitted to use the image processingapparatus D1.

For example, functional restriction information in the initial settinginformation is changed through the display of functional restrictionsetting screen 701 or 702 as shown in FIG. 7A or 7B on an imageprocessing apparatus. The administrator sets or changes items that auser is permitted to operate through the screen at the introduction ofthe apparatus, so that functional restrictions can be set to commit aright for the user to use or edit various types of address books forsending e-mails.

When the administrator changes the initial setting information, theimage processing apparatus 101 displays a password entry screen 800provided with a password edit box 801 as shown in FIG. 8 to request theadministrator to input a password. When the administrator inputs thepassword and pushes an OK button 802, the image processing apparatus 101checks whether or not the inputted password is for the administrator. Ifthe check succeeds, the image processing apparatus displays anadministrator screen 900 as shown in FIG. 9.

The administrator screen 900 displays a user management button 901 toregister or delete a user who can use the image processing apparatus 101or to change functional restriction information for the user, or aninitial setting information change button 902 to change the initialsetting information stored in the initial setting information storingarea 308. When the administrator pushes the initial setting informationchange button 902, the image processing apparatus 101 displays such afunctional restriction setting screen as 701 or 702. When theadministrator pushes down a close button 903, the display of theadministrator screen 900 ends.

In the functional restriction setting screens 701 and 702, an addressbook A is an address book in which only internal addresses areregistered, while an address book B is an address book in whichaddresses including external addresses are registered. In order toperform initial setting of the image processing apparatus D1 installedin a division in which many of the members are nonpermanent employees,the administrator previously changes initial setting information asshown in the functional restriction setting screen 702, for example.Afterward, the administrator registers users if necessary.

If a user who has not been registered in the image processing apparatus101 by the administrator logs in and has authenticated by theauthentication server 102, duplicate copy of initial setting informationchanged as such is stored in a user information storing area.

On the image processing apparatus D1 on which functional restrictionsare increased by changing the initial setting information as such, auser can only use the address book A permitted by the administrator touse and can send e-mails only to internal addresses.

In order to perform initial setting of the image processing apparatus D2installed in a system department of permanent employees only, theadministrator previously changes initial setting information as shown inthe functional restriction setting screen 701, for example. Afterward,the administrator registers users if necessary. On the image processingapparatus D2 of which functional restrictions are reduced as above, auser can use the address book A and the address book B permitted by theadministrator to use, and can send e-mails to addresses includingexternal addresses.

In the above case, a user in the system department is also authorized toedit the address book A and the address book B, so that the user canalso change addresses registered in the address book A and the addressbook B. If the system department includes another authorized user, theadministrator separately changes functional restriction informationstored in a user information storing area for each user in a similarway, so that the administrator can set different functional restrictionsfor the respective users as desired.

According to the present embodiment, when user authentication isperformed on the authentication server 102 and an authenticated useruses the image processing apparatus 101 for the first time, duplicatecopy of the initial setting information stored in the initial settinginformation storing area 308 is stored as user unique settinginformation in a user information storing area. As a result, when anauthenticated user uses the image processing apparatus 101 for the firsttime, the user can readily use the image processing apparatus 101 usingthe initial setting information previously stored or previously set bythe administrator only by logging in without laborsome scan setting.Such a user can only use functions permitted to all users based on theinitial setting information.

When an authenticated user uses the image processing apparatus 101 forthe first time, the image processing apparatus 101 allocate a userinformation storing area being a user management area for the user, andstores duplicate copy of the initial setting information, which has beenpreviously stored in the initial setting information storing area 308 inthe memory 304, in the user information storing area. As a result, it isnot necessary to previously reserve a storing area to be wasted for theuser who has not used the image processing apparatus 101 yet, therebyefficiently using the memory.

Additionally, the user unique setting information stored in the userinformation storing area can be changed as desired. As a result, theadministrator can change the functional restriction setting for eachuser, so that the administrator can also impose different functionalrestrictions on users with different rights.

Moreover, the administrator can change the initial setting informationstored in the initial setting information storing area. As a result, theadministrator can store scan parameters changed according to scanparameters commonly used by numerous users in the image processingapparatus, hence the administrator can store duplicate copy of the scanparameters when the administrator registers users upon request, and doesnot need to again set user unique setting information for each user fromthe initial state, thereby saving efforts.

In the system in FIG. 1, if ten thousands of users have been registeredin the authentication server 102 (e.g., in Microsoft Active Directory)and about ten users among them use the single image processing apparatus101, for example, then the users are fundamentally prohibited from usingpredetermined functions “a” and “b” of the image processing apparatus101 in order to set a high security level for the users registered inthe authentication server 102 (e.g., in Microsoft Active Directory). Asa result, if the users registered in the authentication server 102 login, the users can use the image processing apparatus 101 with therestriction that they cannot use the functions “a” and “b”.

A user “A” registered in the authentication server 102 (e.g., inMicrosoft Active Directory) may be permitted to use the function “a”. Inthis case, if the image processing apparatus can retain only functionalrestriction setting, it is not possible to permit only the user “A” touse the function “a”.

However, in the image processing apparatus 101 according to the presentembodiment, the administrator can change the functional restrictionsetting in the user unique setting information. As such, when the user“A” logs in for the first time, functional restriction setting toprohibit from using the functions “a” and “b” is stored. However, it ispossible to ask the administrator to change the functional restrictionsetting so as to permit the user “A” to use the function “a”, forexample. Such change of the functional restriction setting allows theimage processing apparatus to reduce the functional restrictions asrequested to administrator by individual users.

Although the user authentication using an ID and a password asinformation for authentication has been described in the presentembodiment, the present invention is not limited to it. However, theuser authentication can use biometrics authentication using afingerprint, an iris, a voiceprint, a palm print, a signed deed, aretina, an equal pulse, a face and the like.

The initial setting information stored in the initial settinginformation storing area 308 can also be duplicated in a userinformation storing area when a registered user changes setting such asscan parameters of the image processing apparatus 101 for the firsttime. In that case, the image processing apparatus 101 reads an imagefor the user based on the initial setting information of the imagereading condition information or the functional restriction informationstored in the initial setting information storing area 308 till thesetting such as scan parameters of the image processing apparatus 101 ischanged by the user. Also, in the present embodiment, the initialsetting information storing area 308 and the user information storingarea 305 are reserved and allocated in the memory 304, but the presentinvention is not limited to it. However, part or all of the areas canalso be reserved in other storage devices or storage media such as ahard disk.

In addition to requesting user authentication to the authenticationserver 102, user authentication by registering information forauthentication of, for example, dozens of users in the image processingapparatus 101, and by determining whether or not information forauthentication inputted by a user on the initial screen 400 matches theinformation for authentication registered in the image processingapparatus 101 can also be used together. Additionally, a user can alsoperform user authentication by selecting either one of theauthentication server 102 or the image processing apparatus 101.

The present invention also includes a case in which a host device suchas a PC connected to the image processing apparatus is also connected toa network so that an authentication server performs user authenticationvia the network. The image processing apparatus according to the presentembodiment can be any image processing apparatus, for example, an imageforming device such as a copier, a printer, a facsimile or amultifunction peripheral instead of an image reading device such as theabove described scanner.

FIG. 10 is a perspective view schematically showing an external view ofan image processing apparatus according to a second embodiment of thepresent invention. In a system comprising the image processing apparatusaccording to the present embodiment, components other than the imageprocessing apparatus are same as those of the system according to theabove first embodiment, and therefore description thereof will beomitted.

As shown in FIG. 10, a scanner 10 as an image processing apparatus isconfigured to perform scan operation to read an image of a conveyedoriginal. The scanner 10 is comprised of a sheet-fed reading portion 11for reading (scanning) the image of the conveyed original and a touchscreen 12 functioning as a GUI.

The sheet-fed reading portion 11 includes an original mounting table 11a on which an original is mounted and an sheet discharging section 11 bfor ejecting the already read original, as shown in FIG. 10. Thesheet-fed reading portion 11 further includes a motor (not shown) forfeeding the original mounted on the original mounting table 11 a and animage sensor (not shown) for reading the image of the original andobtaining the image as image data.

FIG. 11 is a block diagram showing configuration of the scanner in FIG.10.

In FIG. 11, the scanner 10 is comprised of a system bus 21 forinformation transfer, a CPU 22 connected to the system bus 21, a flashmemory 23 as a non-volatile storage medium and a RAM 24.

The CPU 22 executes process to direct the sheet-fed reading portion 11to perform the scan operation, user management mode switching process inFIG. 17 described later and the like.

The flash memory 23 stores programs that run on the CPU 22 for executionof various process and various types of information. The RAM 24temporarily holds obtained image data, various types of data, programsand the like. The information stored in the flash memory 23 includes:operation mode information to identify whether an operation mode of thescanner 10 is a user management mode for authenticated users in whichuser authentication is required, or a non-management mode for every user(non-authenticated users) in which user authentication is not required,read setting (scan setting) information of the scan operation by thesheet-fed reading portion 11, and the like.

The system bus 21 connects to the sheet-fed reading portion 11, atouch-sensitive panel 25 and an LCD 26 constituting the touch screen 12in FIG. 10, and an external communication I/F 27, as shown in FIG. 11.On the touch screen 12, the LCD 26 displays an operation screen througha GUI, while the transparent touch-sensitive panel 25 accepts a useroperation inputted via the operation screen through the GUI. Theexternal communication I/F 27 can send the image data obtained based onan output of the image sensor to other personal computers (PCs), serversand the like. According to the present embodiment, the externalcommunication I/F 27 is connected to at least an authentication server(not shown) that performs user authentication based on informationinputted by a user via a login screen 30 in FIG. 12 described later.

The sheet-fed reading portion 11 is controlled by the CPU 22 to performthe scan operation and store the obtained image data of the original inthe RAM 24.

Scan parameters are set via an operation screen through a GUI shown inFIGS. 12 to 16 when the sheet-fed reading portion 11 reads the image ofthe original. Items of the scan parameters include the resolution,brightness, contrast and the like. The scan parameters can be differentfor respective users. Different scan parameters desired by respectiveusers may also be stored as user-specific data in the flash memory 23.Furthermore, data of the scan parameters stored in the flash memory 23may be sent as user-specific data to the above authentication server andthe like via the external communication I/F 27.

The scanner 10 retains data being common to every user and user-specificdata. The scanner 10 has, as its operation modes, a non-management modefor every user in which user authentication is not required in use, anda user management mode in which user authentication is required.

In the user management mode, user authentication is required in use andonly the authenticated users can use the scanner 10, thereby providingprevention of the use by a non-official user who is not permitted to usethe scanner 10 and providing a high security. Meanwhile, in thenon-management mode, user authentication is not required and every usercan share data such as common destination information, thereby providingusability of the scanner 10.

Therefore, single scanner 10 according to the present embodiment canprovide either of a high security or convenience by selection, therebyfacilitating introduction task of the device to an office. Additionally,as will be described later, the scanner 10 improves the convenience bycopying a shared address book when a mode of the user management isswitched.

A scan operation when an operation mode of the scanner 10 is the usermanagement mode will now be described hereinafter.

FIG. 12 is a diagram illustrating a login screen displayed on a touchscreen 12 if an operation mode of the scanner 10 in FIG. 10 is the usermanagement mode. The login screen is displayed immediately after thepower of the scanner 10 is switched on, for example.

The login screen 30 shown in FIG. 12 is configured for input of a username or a password needed to perform user authentication required in theuser management mode.

Specifically, a title bar 36 indicating that a screen being currentlydisplayed is a login screen, an edit box 33 to input characters of auser name, an edit box 34 to input characters of a password, and an OKbutton 35 to define characters inputted in the edit boxes 33 and 34 asdeterminate designation are arranged on the login screen 30. Forexample, on the left side of the edit boxes 33 and 34 on the loginscreen 30, a text display field 31 for displaying a text “user name”indicating that the edit box 33 is a field to input a user name, and atext display field 32 for displaying a text “password” indicating thatthe edit box 34 is a field to input a password are arranged.

In order to input characters of a user name or a password, a user firsttaps the surface of the touch-sensitive panel 25 to select one of theedit boxes 33 and 34 to input characters. Subsequently, the user typesappropriate characters using a keyboard not shown. The keyboard can be asoftware keyboard displayed on the LCD 26. In that case, the keyboardcan be preferably displayed after the above tapping. When a user nameand a password are inputted in the edit boxes 33 and 34 and the OKbutton 35 is pushed, the user name and the password are sent to theauthentication server.

The authentication server performs user authentication depending on thereceived user name and password, and notifies the scanner 10 of whetheror not the user succeeds in the user authentication. If the userauthentication is successful, the login screen 30 is switched to a scansetting screen 40 shown in FIG. 13 so that the user can use the scanner10 and inputs scan parameter, a destination of transmission and the likeon the screen 40.

FIG. 13 is a diagram illustrating a scan setting screen displayed on thetouch screen 12 in FIG. 10. The scan setting screen is displayed only ifthe user authentication is successful on the login screen 30 in the usermanagement mode.

The scan setting screen 40 shown in FIG. 13 is configured to performscan parameter setting for a scan operation by the sheet-fed readingportion 11, and to select or input a destination to which image dataobtained through the scan operation is sent.

Specifically, on the scan setting screen 40, a title bar 49 indicatingthat a screen being currently displayed is a scan setting screen, adestination list display area 41 to display a list of designateddestinations of the image data transmission, list boxes 42, 43 and 44for changing of set values of the scan parameter, an advanced settingbutton 45, a user management button 46, a cancel button 47 and a startbutton 48 are arranged.

In the destination list display area 41, a list of destinations of theimage data being set using destination designation screens 50 and 60 inFIGS. 14 and 15 described later are displayed, in which the category andan address (including a FAX number or the like) are associated with eachother. Using the list, a user can readily confirm destinations of theimage data transmission. The user taps the destination list display area41 so that the scan setting screen 40 is switched to the destinationdesignation screen 50 in FIG. 14 described later.

The list box 42 is configured for designating a desired resolution toread an image of an original from a list. The list box 43 is configuredfor selectively designating that the original is read on a singlesurface or both surfaces. The list box 44 is configured for designatingthe paper size or type of the original from a list displaying A4, B5,post card, name card and the like.

The advanced setting button 45 is pushed down to induce transition fromthe scan setting screen 40 to an advanced setting screen (not shown) forfurther advanced setting, e.g., selection of image processing.

The user management button 46 is pushed down to display a usermanagement screen 70 in FIG. 16 described later.

The cancel button 47 is pushed down to cancel execution of a scanoperation by the sheet-fed reading portion 11 or to cancel the change ofscan setting. The start button 48 is pushed down to cause the sheet-fedreading portion 11 to start the execution of the scan operationaccording to scan parameter being currently set via the scan settingscreen 40.

FIG. 14 is a diagram showing a first example of a destinationdesignation screen displayed on the touch screen 12 when the destinationlist display area 41 in FIG. 13 is tapped.

A destination designation screen 50 shown in FIG. 14 is not onlyconfigured for a user to select a destination of image datatransmission, but also configured for the user to edit an address bookcontaining destination data that displayed in an address list displayarea described later.

Specifically, on the destination designation screen 50, a title bar 512indicating that a screen being currently displayed is a destinationdesignation screen, list boxes 501 and 503, an address list display area504, a new registration button 505, an edit button 506, a delete button507, a cancel button 508, an OK button 509 and up/down buttons 510 and511 are arranged. For example, on the left side of the list box 503 onthe destination designation screen 50, a text display area 502 isprovided to display a text “destination category” indicating that thelist box 503 is a list box to select a category of a destination.

The list box 501 is configured for selectively designating a desiredaddress book from a plurality of address books. An address book includesa personal address book dedicated to an authenticated user for storingaddresses for the authenticated user to send image data to a destinationstored in it, and a shared address book that all of the authenticatedusers can use. There can be a plurality of personal address booksdedicated to one authenticated user, and also there can be a pluralityof shared address books.

The list box 503 is to selectively designate a desired destinationcategory from a list of kinds of destinations such as E-mail, FTP, a PC,a FAX or a printer.

Display contents of the address list display area 504 change dependingon an address book and a destination category selected in the list boxes501 and 503, as described later in detail. If a shared address book isdesignated in the list box 501, the destination designation screen 50 isswitched to a screen in FIG. 15 described later.

The up/down buttons 510 and 511 are pushed down to select a desireddestination from an address book. Each time the buttons are pushed down,display of a destination selected in the address list display area 504can be scrolled to a corresponding direction on a one-row basis.

The new registration button 505, the edit button 506 and the deletebutton 507 are pushed down when an address book is edited. The edit ofan address book can include new registration of a destination in theaddress book, edit of information of a destination selected from theaddress book, and deletion of a destination selected from the addressbook. More specifically, when the new registration button 505 or theedit button 506 is pushed down, the screen is switched to a destinationregistration screen (not shown) to register a name or an address asinformation of a destination. When the delete button 507 is pushed down,a warning dialog (not shown) including a warning message “REALLYDELETE?” is overlapped on the destination designation screen 50.

The cancel button 508 is pushed down to discard all results of edit ofan address book and return to the scan setting screen 40. Meanwhile, theOK button 509 is pushed down to store a result of edit of an addressbook and return to the scan setting screen 40 in the state thatdestinations selected from the address book are displayed in thedestination list display area 41.

Hereinafter, the address list display area 504 will be described indetail.

In the address list display area 504, a list of destinations of adestination category designated in the list box 503, those destinationsare registered in an address book designated in the list box 501, isdisplayed in a table format. In an example shown in FIG. 14, “E-mail” isdesignated as a destination category, so that only E-mail addresses areextracted from an address book and displayed in the address list displayarea 504. In this example, if the destination category is changed to anFTP or a FAX using the list box 503, an address book including onlyextracted addresses or FAX numbers, corresponding to the changeddestination category, are displayed on the address list display area504.

In the address list display area 504, names of destinations of imagedata transmission, addresses of the destinations, and check informationindicating whether or not transmission of the image data to that addressis performed.

Specifically, in the address list display area 504, the first column,i.e., a check box column is arranged to display the check information as“∘”, “x”, the second column, i.e., a name display column is arranged todisplay a name of a destination, and the third column, i.e., an addressdisplay column is arranged to display an address of the destination.Meanwhile, in the first row in the address list display area 504, theindices “send”, “name” and “address” for each column are displayed,while in the second to sixth rows, part or all of destinations arrangedin a predetermined order is displayed.

A display color of a row corresponding to a position tapped by a user inthe address list display area 504, for example, display color of thefourth row changes as shown in FIG. 14, which indicates a destinationdisplayed in the row to be in a selected state. If the edit button 506or the delete button 507 is pushed down while a destination is in aselected state, an address of the destination in a selected state can beedited or deleted. If a user again taps the display part of thedestination in a selected state, the destination is set as a destinationof image data transmission, which changes display content of the checkbox column (the first column) from “x” to “∘”. If the destination hasbeen already set as such destination, the setting can be canceled. Forexample, if a user again taps a display part of the second row whiledisplay content of the check box column is “∘” for a destination in thesecond row, the display content in a cell in the first column can bechanged to “x”.

FIG. 15 is a diagram showing a second example of the destinationdesignation screen displayed on the touch screen 12 when a sharedaddress is designated in the list box 501 in FIG. 14. The destinationdesignation screen is displayed when a shared address book is designatedin the list box 501 in FIG. 14, for example. The destination designationscreen 60 may also be displayed instead of the destination designationscreen 50 in FIG. 14 when a user taps the destination list display area41 in FIG. 13.

The destination designation screen 60 shown in FIG. 15 is configuredsimilarly to the destination designation screen 50 shown in FIG. 14.Differences are that an address book designated in a list box 601 is a“shared address book” and that an address list display area 604 isarranged instead of the address list display area 504. The address listdisplay area 604 displays a shared address book that can be shared byall users who have logged in through the login screen 30 in FIG. 12.

As shown in FIGS. 14 and 15, a user can readily select and setdestinations of image data from the address list display areas 504 and604. After the selection and setting, when the OK buttons 509 and 609 ispushed down, the destination designation screens 50 and 60 in FIGS. 14and 15 return to the scan setting screen 40 in FIG. 13. Then, thedestination list display area 41 in FIG. 13 displays only addresses ofdestinations having “∘” in the check box columns in the address listdisplay areas 504 and 604 in FIGS. 14 and 15.

Although destinations are selectively set through the list boxes 501,601 and 503 and tapping by a user in the description relating to FIG. 14or 15, the present invention is not limited to it. Instead, for example,the scanner 10 can also be configured to set or change destinationsusing apparatus on a network connected via the external communicationI/F 27.

FIG. 16 is a diagram illustrating a user management screen displayed onthe touch screen 12 in FIG. 10. The user management screen is displayedwhen the user management button 46 on the scan setting screen 40 in FIG.13 is pushed down.

The user management screen 70 (for an administrator of the scanner 10)shown in FIG. 16 is not only configured for the administrator to edituser information such as user names of users who can log in through thelogin screen 30 in FIG. 12 (registered users), for example, but alsoconfigured for the administrator to perform setting of an authenticationserver.

Specifically, on the user management screen 70, a title bar 79indicating that a screen being currently displayed is a user managementscreen, a user name list display area 71, a new registration button 72,an edit button 73, a delete button 74, a cancel button 75, an OK button76, an authentication server setting button 77 and a check box 78 arearranged. For example, on the right side of the check box 78 on the usermanagement screen 70, a text “use authentication server” is displayedindicating that 78 is a check box to designate whether or not to performuser management on the authentication server.

In the user name list display area 71, a list of user names ofregistered users is displayed. It is preferred that, if the number ofregistered users is more than five, for example, up/down buttons aredisplayed below the user name list display area 71 on the usermanagement screen 70 to scroll registered user names that can bedisplayed in the user name list display area 71 to a correspondingdirection on a one-row basis.

The new registration button 72, the edit button 73 and the delete button74 are pushed down to edit user information of a registered user. Theedit of user information can include new registration of a user name ofa new user in the user name list display area 71, edit of userinformation of a registered user selected from the user name listdisplay area 71, and deletion of the user information of the registereduser selected from the user name list display area 71.

More specifically, when the new registration button 72 or the editbutton 73 is pushed down, the screen is switched to a user registrationscreen (not shown) to register a user name or a password as userinformation. When a new user is registered on the user registrationscreen, it is preferred that contents of a shared address book can beautomatically copied to the personal address book for the new userbefore the new user edits it. For example, personal address book fornewly registered user is automatically created from copied contents of ashared address book. Additionally, the copy can be preferably performedas soon as the new user is newly registered. Therefore, a new user cancreate his/her own personal address book only by editing a personaladdress book automatically generated to have identical contents to ashared address book, thereby significantly reducing efforts such asinput of an address through a keyboard, hence improving usability of thescanner 10.

When the delete button 74 is pushed down, a warning dialog (not shown)including a warning message “REALLY DELETE?” is overlapped on the usermanagement screen 70. If an approval of the warning message is inputtedvia the warning dialog, a user name of a registered user selected fromthe user name list display area 71 is deleted from the list of usernames 71, and user information such as an address book, a user name anda password is deleted from the flash memory 23.

The cancel button 75 is pushed down to discard all results of the editof user registration and return to the scan setting screen 40.Meanwhile, the OK button 76 is pushed down to store the results of theedit of the user registration information and return to the scan settingscreen 40.

The authentication server setting button 77 is pushed down to display anauthentication server setting screen (not shown) to set a networkaddress of an authentication server for performing user management. Theauthentication server can be a directory server (e.g., Microsoft ActiveDirectory) provided on a network. Using a directory server, a singleauthentication server can perform user management for a plurality ofscanners 10 in an integrated way. Another user management server (notshown) differing from the authentication server can be added, which canstore user information of registered users. In that case, the scanner 10accesses the user management server via the network to edit the userinformation.

The check box 78 is checked when the user management is performed by theauthentication server being set on the above authentication serversetting screen and unchecked when the administration is not performed.This allows administrator to readily switch the use/nonuse of theauthentication server. The check box 78 is displayed in gray such thatthe box 78 cannot be checked when the authentication server is not seton the authentication server setting screen, or when the setting of theauthentication server is not valid, or when the setting of theauthentication server is valid but the authentication server cannot beconnected.

In the present embodiment, if the setting of the authentication serveron the authentication server setting screen is valid and the check box78 is checked, the new registration button 72, the edit button 73 andthe delete button 74 are displayed in gray such that the buttons cannotbe pushed down. This prevents new registration of a user and edit ofuser information of a registered user in the scanner 10. If the aboveuser management server is added, the new registration button 72, theedit button 73 and the delete button 74 do not need to be displayed ingray.

It is preferable to display a login screen similar to the login screen30 in FIG. 12 to check whether or not the administrator is anadministrator of the scanner 10 after the user management button 46 inFIG. 13 is pushed down and before the user management screen 70 in FIG.16 is displayed. On the login screen, a user name, a password of anadministrator and the like are inputted. Instead of such a login screen,for example, a password entry screen may be displayed that is created byerasing the edit box 33 and the text display field 31 from the loginscreen 30 in FIG. 12. Using such password entry screen, an administratoronly needs to input a password, but does not need to input a user name.

Next, a scan operation of the scanner 10 which operates in thenon-management mode will be described in differences from a scanoperation in the user management mode.

If an operation mode of the scanner 10 is the non-management mode, thescan setting screen 40 in FIG. 13 is displayed immediately after thepower of the scanner 10 is switched on. As such, the login screen 30 inFIG. 12 is not displayed and no user authentication is performed.

Subsequently, when a user taps the destination list display area 41 onthe scan setting screen 40, the scan setting screen 40 is switched tothe destination designation screen 60 in FIG. 15. At that time, a sharedaddress book in the list box 601 on the destination designation screen60 is displayed in gray, hence personal address books other than ashared address book cannot be designated in the list box 601. As such,personal address books dedicated to other authenticated users cannot beviewed, thereby improving security of the scanner 10. If there are aplurality of shared address books, each of the shared address books canpreferably be designated in the list box 601.

The user management screen 70 in FIG. 16 may preferably be configured tobe displayed only for an administrator of the scanner 10. However, theuser management screen 70 in FIG. 16 may also be configured to bedisplayed for registered users other than the administrator. In thatcase, the screen 70 can be configured such that registered users otherthan the administrator cannot edit user information via the usermanagement screen 70.

FIG. 17 is a flowchart of a user management mode switching processbetween user management mode and non-management mode executed on thescanner 10 in FIG. 10. This process is executed by the CPU 22 using theflash memory 23, the RAM 24, the touch-sensitive panel 25, the LCD 26,etc. This process starts when the OK button 76 is pushed down afterediting such as new registration of a user or deletion of userinformation of a registered user on the user management screen 70 shownin FIG. 16, that is, after the number of registered users changes, whenthe check box 78 is checked or unchecked, or the like.

In FIG. 17, first, it is determined in step S801 whether theauthentication server is used or not. Specifically, the CPU 22determines to use the authentication server if the check box 78 providedon the user management screen 70 shown in FIG. 16 is checked.

If it is determined to use the authentication server (YES to the stepS801), it is determined whether or not current operation modeinformation stored in the flash memory 23 indicates the non-managementmode (step S803).

As a result of the determination in the step S803, if the operation modeinformation represents the non-management mode, an operation mode of thescanner 10 is switched to the user management mode (step S804).

In the user management mode, setting information such as the designationof a destination as described with reference to FIG. 14 or 15 or thescan setting as described with reference to FIG. 13 can be managed foreach user. Further, setting information to be administrated can containinformation needed to set a PC, a mail server or an FTP server, any oneof them can be designated as a destination of transmission.

Subsequently, In step S805, along with the switching to user managementmode, data switching of copying shared data (third setting information)such as setting information for the non-management mode currently storedin the flash memory 23 to shared data (second setting information) suchas setting information for the user management mode also stored in theflash memory 23.

For example, as shown in FIG. 18, the data switching may be altering thecontents of a shared address book that can be shared by authenticatedusers (registered users) who have logged in through user authenticationin the user management mode depending on the contents of a sharedaddress book available to every user in the non-management mode. Inother words, data switching is to relate the second setting informationto the third setting information. In the present embodiment, the dataswitching includes process copying the shared address book available toevery user into a shared address book available to only registeredusers. If a personal address book other than the shared address book isstored in the flash memory 23, setting of the destination designationscreen 50 is changed such that a registered user can use the personaladdress book stored for himself/herself (for example, personal addressbook 94 for the registered user A or personal address book 95 for theregistered user B shown in FIG. 18) only if the user selects it.

Otherwise, as a result of the determination in the step S803, if anoperation mode information indicates the user management mode, anoperation mode of the scanner 10 does not need to be switched, hence theprocess in steps S804 and 5805 is skipped and this user management modeswitching process ends.

Meanwhile, as a result of the determination in the step S801, if it isdetermined not to use the authentication server since the check box 78is unchecked, then it is determined whether the number of registeredusers is “0” or not (step S802). As a result of the determination, ifthe number of registered users is not “0”, the flow proceeds to stepS803 to cause the scanner 10 to operate in the user management mode.Otherwise, if the number of registered users is “0”, the flow proceedsto step S806 to cause the scanner 10 to operate in the non-managementmode.

At the next step S806, it is determined whether or not operation modeinformation stored in the flash memory 23 indicates the user managementmode.

As a result of the determination in the step S806, if the operation modeinformation indicates the user management mode, an operation mode of thescanner 10 is switched to the non-management mode (step S807).

In this non-management mode, it does not need to differently managesetting information required for the destination designation asdescribed with reference to FIG. 14 or 15 or the scan setting asdescribed with reference to FIG. 13 for each user.

Subsequently, in step S808, along with the switching to user managementmode, data switching of copying setting information data (second settinginformation) for the user management mode currently stored in the flashmemory 23 to setting information data (third setting information) forthe non-management mode. For example, as shown in FIG. 18, dataswitching may be altering the contents of a shared address bookavailable to every user in the non-management mode depending on thecontents of a shared address book available to every user in the usermanagement mode. In other words, data switching is to relate the thirdsetting information to the second setting information. And along withthe switching, if the flash memory 23 stores a personal address bookother than the shared address book, display of the destinationdesignation screen 50 using the personal address book is prohibited ordisplay setting of the destination designation screen 60 is changed suchthat the personal address book (for example, the personal address book94 for the registered user A or the personal address book 95 for theregistered user B shown in FIG. 18) cannot be used, since thenon-management mode is an operation mode not requiring userauthentication. The personal address book can be available by changingan operation mode of the scanner 10 into the user management mode.

Otherwise, as a result of the determination in the step S806, if anoperation mode information indicates the non-management mode instead ofthe user management mode, an operation mode of the scanner 10 does notneed to be changed, hence the process in steps S807 and S808 is skippedand this user management mode switching process ends.

According to the process in FIG. 17, for example, when the scanner 10 isintroduced to an office, use of an authentication server is notindicated and the number of registered users is “0” (NO to the step S801and YES to the step S802), hence an operation mode of the scanner 10 isautomatically set to the non-management mode (step S807).

When an operation mode of the scanner 10 is changed to thenon-management mode, shared data such as scan parameters or a sharedaddress book that is used in the user management mode automaticallybecomes shared data such as a shared address book available to all users(step S808). This can improve usability of the scanner 10.

Further, not only when the scanner 10 is introduced, but also when thenumber of registered users becomes “0” due to deletion of a registereduser, a mode is changed to the non-management mode, bringing similaradvantages.

As described in the above, the usability is improved so that newintroduction of the scanner 10 as office equipment to an office can befacilitated.

In the present embodiment, a check box may be arranged to designatewhether or not to perform user management on the user management screen70 in FIG. 16 instead of process in the steps S801 to 5802 in FIG. 17.The process in FIG. 17 may be changed such that if this check box ischecked, the flow proceeds to step S803; and if the check box isunchecked, the flow proceeds to step S806. In other embodiment, theprocess in the step S802 can be omitted. In that case, if a result ofthe determination in the step S801 is NO, the flow proceeds to the stepS806.

Either of the switching on shared data executed in the step S805 or 5808in FIG. 17 can be omitted if there is no need.

The process in FIG. 17 can further include process to copy sharedaddress book data 93 (second setting information) to automaticallycreate a personal address book (first setting information) dedicated toa user C when the number of registered users is increased, for example,the user C is newly registered. With this process, it is possible forthe user C to edit the personal address book automatically created toreadily create his/her own personal address book, and hence theusability is further improved. In this embodiment, the first settinginformation, the second setting information and the third settinginformation include a personal address book respectively and apparentlyhave common setting items.

FIG. 18 is a schematic depiction of switching of data in an address bookexecuted in the steps S805 and 5808 in FIG. 17.

Although the data such as a personal address book and a shared addressbook is stored in the flash memory 23 as described above, in otherembodiment the data may also be stored in the RAM 24 as necessary. If astorage unit such as a hard disk device is provided, the data may alsobe stored in the storage unit.

As shown in FIG. 18, data in an address book is stored in an allocateddata storing area 91 for the user management mode and an allocated datastoring area 92 for the non-management mode separately.

The allocated data storing area 91 for storing user information storesthe shared address book data 93 that can be viewed and edited by aregistered user during operation in the user management mode,user-specific personal address book data 94 identified by a user name“user A”, user-specific personal address book data 95 identified by auser name “user B”, and the like.

The allocated data storing area 92 for the non-management mode storesshared address book data 96 that can be shared by every user duringoperation in the non-management mode.

In the process in the step S805 in FIG. 17 described above, the sharedaddress book data 96 in the data storing area 92 is copied as the sharedaddress book data 93 in the data storing area 91. Meanwhile, in theprocess in the step S808, the shared address book data 93 in the datastoring area 91 is copied as the shared address book data 96 in the datastoring area 92.

FIG. 18 shows the example to distinctly store address book datadepending on an operation mode of the scanner 10. Similarly, informationof the scan setting in FIG. 13 and information of setting in combinationof the scan parameter and destination information (job information) canalso be distinctly stored depending on an operation mode of the scanner10.

In the present embodiment, the copying process has been taken as anexample of the data switching process, but the present invention is notlimited to the copying process. For example, the data switching processmay include process to add only information in the second settinginformation but not contained in the third setting information to thethird setting information. The data switching process may also includeprocess to add only information in the third setting information but notcontained in the second setting information to the second settinginformation. In other embodiment just one setting information can beused as the second setting information and also as the third settinginformation. Further, data storing areas may not be distinguished, sothat data to be stored is combined in one group and readable data areamay be distinguished depending on an operation mode of the scanner 10.This prevents storing data redundantly, thereby effectively employingdata storing areas.

In the present embodiment, all registered users are permitted to edit orview shared data such as the shared address book data 93. However, itmay be possible to restrict some users to edit or view the shared data.And also some of the authenticated users may be prohibited to use secondsetting information.

In the present embodiment, the user management mode implementing afunction to improve the security of the scanner 10 has been taken as anexample of an operation mode of the scanner 10, but the presentinvention is not limited to it. However, the present invention can beapplied to any operation mode implementing a function requiringswitching and managing of setting data for each user.

In the present embodiment, the scanner 10 is comprised of a GUI such asthe touch-sensitive panel 25 or the LCD 26 and has a communicationfunction such as a sending function of an E-mail or a FAX or the like.Instead, this invention can be applied on a system in which an imagereading device such as the scanner 10 is connected to a host computersuch as a PC comprising a GUI and having a communication function.

In the present embodiment, the scanner 10 is containing the sheet-fedreading portion 11. Instead, the scanner 10 can be containing a flatbedscanner. The image processing apparatus according to the presentembodiment can be any image processing apparatus, for example, an imageforming device such as a copying machine, a printer, a facsimile or amulti function machine instead of an image reading device such as thescanner 10 described above.

It is to be understood that the object of the present invention may alsoaccomplished by supplying a system or an apparatus with a storage mediumin which a program code of software which realizes the functions of eachof the above described embodiments is stored, and causing a computer (orCPU or MPU) of the system or apparatus to read out and execute theprogram code stored in the storage medium.

In this case, the program code itself read from the storage mediumrealizes the functions of each of the above described embodiments, andhence the program code and the storage medium in which the program codeis stored constitute the present invention.

Examples of the storage medium for supplying the program code include afloppy (registered trademark) disk, a hard disk, a magnetic-opticaldisk, a CD-ROM, a CD-R, a CD-RW, DVD-ROM, a DVD-RAM, a DVD-RW, a DVD+RW,a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively,the program may be downloaded via a network.

Further, it is to be understood that the functions of each of the abovedescribed embodiments may be accomplished not only by executing aprogram code read out by a computer, but also by causing an OS(operating system) or the like which operates on the computer to performa part or all of the actual operations based on instructions of theprogram code.

Further, it is to be understood that the functions of each of the abovedescribed embodiments may be accomplished by writing a program code readout from the storage medium into a memory provided on an expansion boardinserted into a computer or in an expansion unit connected to thecomputer and then causing a CPU or the like provided in the expansionboard or the expansion unit to perform a part or all of the actualoperations based on instructions of the program code.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all modifications, equivalent structures and functions.

This application claims the benefit of Japanese Application Nos.2006-305802 and 2006-337005, filed Nov. 10, 2006 and Dec. 14, 2006,which are hereby incorporated by reference herein in their entirety.

1-19. (canceled)
 20. An image processing system comprising: anauthentication server for user authentication; and an image readingapparatus connected with the authentication server via a network,wherein the image reading apparatus comprises: a user authenticationunit adapted to perform the user authentication with the authenticationserver; a user setting information setting unit adapted to set userunique setting information; a user setting information storage unitadapted to store therein the user unique setting information; an initialsetting information storage unit storing therein initial settinginformation of the image processing system; and a duplicate unit adaptedto duplicate the initial setting information stored in the initialsetting information storage unit and storing therein the duplicatedinitial setting information as the user unique setting information whenthe authenticated user uses the image processing system for the firsttime.
 21. An image processing system according to claim 20, wherein theuser authentication unit performs the user authentication for a new userwith the authentication server by authenticating the new user with theduplicated initial setting information stored as the user unique settinginformation in the user setting information storage unit.
 22. An imageprocessing system according to claim 20, wherein the initial settinginformation includes functional restriction information for the imagereading apparatus.
 23. An image processing system according to claim 22,wherein the functional restriction information includes informationrestricting a right to edit an address book.
 24. An image processingsystem according to claim 22, further comprising a functionalrestriction information changing unit adapted to change the functionalrestriction information as the initial setting information.
 25. An imageprocessing system according to claim 20, wherein the initial settinginformation includes image reading condition information for the imagereading apparatus.
 26. An image processing system according to claim 20,wherein the duplicate unit creates a user management area in the usersetting information storage unit to store therein the user uniquesetting information, wherein the duplicated initial setting informationis stored in the created user management area as the user unique settinginformation.
 27. An image processing system according to claim 20,wherein the user setting information setting unit changes the duplicatedinitial setting information stored in the user setting informationstorage unit as the user unique setting information.